-@ 86400 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2024040501 10800 3600 604800 10800
+@ 86400 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2024042401 10800 3600 604800 10800
@ 3600 IN NS pdns-public-ns1.powerdns.com.
@ 3600 IN NS pdns-public-ns2.powerdns.com.
recursor-4.8.4.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html"
recursor-4.8.5.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html"
recursor-4.8.6.security-status 60 IN TXT "1 OK"
-recursor-4.8.7.security-status 60 IN TXT "1 OK"
+recursor-4.8.7.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html"
+recursor-4.8.8.security-status 60 IN TXT "1 OK"
recursor-4.9.0-alpha1.security-status 60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
recursor-4.9.0-beta1.security-status 60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
recursor-4.9.0-rc1.security-status 60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
recursor-4.9.1.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html"
recursor-4.9.2.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html"
recursor-4.9.3.security-status 60 IN TXT "1 OK"
-recursor-4.9.4.security-status 60 IN TXT "1 OK"
+recursor-4.9.4.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html"
+recursor-4.9.5.security-status 60 IN TXT "1 OK"
recursor-5.0.0-alpha1.security-status 60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
recursor-5.0.0-alpha2.security-status 60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
recursor-5.0.0-beta1.security-status 60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
recursor-5.0.0.security-status 60 IN TXT "3 Unsupported pre-release (known vulnerabilities)"
recursor-5.0.1.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html"
recursor-5.0.2.security-status 60 IN TXT "1 OK"
-recursor-5.0.3.security-status 60 IN TXT "1 OK"
+recursor-5.0.3.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html"
+recursor-5.0.4.security-status 60 IN TXT "1 OK"
; Recursor Debian
recursor-3.6.2-2.debian.security-status 60 IN TXT "3 Upgrade now, see https://doc.powerdns.com/3/security/powerdns-advisory-2015-01/ and https://doc.powerdns.com/3/security/powerdns-advisory-2016-02/"
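Review bot: the new status-3 strings on recursor-4.8.7, recursor-4.9.4 and recursor-5.0.3 say "Upgrade now" unconditionally, while the advisory added in the same patch rates the issue High "only when using recursive forwarding" and states that the default configuration is not affected. The TXT value is the only thing an operator sees from this zone, so please confirm the unconditional wording is intended; if it is not, a short qualifier in the text before the URL would be enough. The rest is consistent with the advisory: 4.8.6, 4.9.3 and 5.0.2 stay at "1 OK", which matches "earlier versions are not affected"; 4.8.8, 4.9.5 and 5.0.4 are added as "1 OK"; and the SOA serial is bumped to 2024042401. Only the generic recursor-* records change in the lines shown; if the distribution sections that follow ("; Recursor Debian" and onward) carry entries for the same three versions, they need the same update.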
--- /dev/null
+PowerDNS Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor
+========================================================================================================================================
+
+ CVE: CVE-2024-25583
+ Date: 24th of April 2024.
+ Affects: PowerDNS Recursor 4.8.7, 4.9.4 and 5.0.3, earlier versions are not affected
+ Not affected: PowerDNS Recursor 4.8.8, 4.9.5 and 5.0.4
+ Severity: High (only when using recursive forwarding)
+ Impact: Denial of service
+ Exploit: This problem can be triggered by an attacker publishing a crafted zone
+ Risk of system compromise: None
+ Solution: Upgrade to patched version
+
+When using recursive forwarding, a crafted response from an upstream server can cause a Denial of
+Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding
+and is not affected.
+
+CVSS Score: 7.5, only for configurations using recursive forwarding, see
+https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1
+
+The remedy is to update to a patched version.
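Review bot: the advisory never says which setting counts as "recursive forwarding", so an operator reading "Severity: High (only when using recursive forwarding)" cannot tell from this text whether their deployment is in scope. Suggest naming the relevant configuration setting(s) in the paragraph that begins "When using recursive forwarding", next to the statement that the default configuration is not affected. Two smaller points: the "Exploit:" line speaks of "an attacker publishing a crafted zone" while the body speaks of "a crafted response from an upstream server", and one sentence tying the two together would remove the ambiguity about where the attacker sits. The closing line "The remedy is to update to a patched version." repeats the "Solution:" field; if avoiding recursive forwarding is a valid interim workaround, this is the place to say so, otherwise the line can go. Style: "Date: 24th of April 2024." is the only header field ending in a period, and the "Affects:" line joins two clauses with a comma.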